Potential fix for code scanning alert no. 3: Artifact poisoning

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: oleander

.github/workflows/cd.yml

@@ -165,15 +165,26 @@ jobs:
       - name: Publish & tag (patch bump)
         run: cargo release minor --no-confirm --execute --allow-branch main
 
+      - name: Create temporary directory for artifacts
+        run: mkdir -p ${{ runner.temp }}/artifacts
+
       - name: Download all artifacts
-        run: gh run download ${{ github.run_id }}
+        run: gh run download ${{ github.run_id }} --dir ${{ runner.temp }}/artifacts
 
       - name: Zip each downloaded directory
         run: |
           for dir in $(ls -d git-ai-*); do
             tar -czf ${dir}.tar.gz ${dir}
           done
 
+      - name: Verify artifact contents
+        run: |
+          if [ ! -d "${{ runner.temp }}/artifacts" ]; then
+            echo "Artifacts directory not found!" >&2
+            exit 1
+          fi
+          # Add additional verification logic here if needed
+
       - name: Get version
         id: app
         run: echo "version=$(cargo metadata --no-deps --format-version 1 | jq -r '.packages[0].version')" >> $GITHUB_OUTPUT